L1K3Beef

**Name of the Vulnerable Software and Affected Versions** Azure PromptFlow (affected versions not specified) **Description** The issue is related to improper isolation or compartmentalization in Azure PromptFlow, allowing an unauthorized attacker to execute code over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA ChatRTX for Windows (affected versions not specified) **Description** The issue concerns improper privilege management in the UI of NVIDIA ChatRTX for Windows. An attacker can exploit this by sending open file requests to the application, potentially leading to local escalation of privileges, information disclosure, and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Triton Inference Server (affected versions not specified) **Description** The issue is related to errors in processing relative paths to directories during model loading in NVIDIA Triton Inference Server. This can allow a remote attacker to gain unauthorized access to protected information, elevate privileges, execute arbitrary code, or cause a denial of service using the --model-control explicit configuration. The vulnerability can be exploited through the model load API, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Server Update Services (WSUS) (affected versions not specified) **Description** The issue is related to insufficient access restrictions in Windows Server Update Services (WSUS), which can allow an attacker to elevate their privileges. This can impact the system, potentially leading to unauthorized access or control. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.11 **Description** A flaw exists in the Upload component of Oracle Web Applications Desktop Integrator within Oracle E-Business Suite. This issue allows an unauthenticated attacker with network access via HTTP to compromise the application. Successful exploitation can lead to a complete takeover of Oracle Web Applications Desktop Integrator. The vulnerability is easily exploitable and has been actively exploited in the wild. Analysis indicates that exploitation can be achieved through payloads based on Perl and Java Server Pages (JSP) for remote code execution. Reports suggest this issue was exploited as early as January 2023, with a proof-of-concept (POC) published in February 2023. **Recommendations** Versions 12.2.3 through 12.2.11 should be updated to a newer, secure version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.